* debian/rules : Add "--enable-command-args". (LP: #1555258)
This update enables the command-args support in nrpe
by not ignoring option "dont_blame_nrpe=1". By default,
the option is set as follow : "dont_blame_nrpe=0", which
has the same effect of having the command-args support
disabled at compile time like Debian does. Ubuntu has decided
to deviate from Debian upstream for that particular case to
allow/unblock the Ubuntu users of nrpe to make the choice for
themselves whether to accept the security risks that the feature
involve by manually enabling command-args in nrpe.cfg or not.
For more details as of why Debian has decided to disable the
feature can be found in debian/NEWS. (closes: #756479)
* [5bf9b20] Add 10_remote_execution_exploit_fix.dpatch patch (LP: #1555258)
As requested by the security team.
-- Eric Desrochers <email address hidden> Mon, 08 May 2017 08:01:10 -0400
This bug was fixed in the package nagios-nrpe - 2.15-1ubuntu3
---------------
nagios-nrpe (2.15-1ubuntu3) yakkety; urgency=medium
* debian/rules : Add "--enable- command- args". (LP: #1555258) nrpe=1" . By default, nrpe=0" , which
This update enables the command-args support in nrpe
by not ignoring option "dont_blame_
the option is set as follow : "dont_blame_
has the same effect of having the command-args support
disabled at compile time like Debian does. Ubuntu has decided
to deviate from Debian upstream for that particular case to
allow/unblock the Ubuntu users of nrpe to make the choice for
themselves whether to accept the security risks that the feature
involve by manually enabling command-args in nrpe.cfg or not.
For more details as of why Debian has decided to disable the
feature can be found in debian/NEWS. (closes: #756479)
* [5bf9b20] Add 10_remote_ execution_ exploit_ fix.dpatch patch (LP: #1555258)
As requested by the security team.
-- Eric Desrochers <email address hidden> Mon, 08 May 2017 08:01:10 -0400